Work
Life
Audiobooks
Games
Smart Home
Kubernetes using external bucket | DIMI’s place

DIMI's place

My thoughts on different things

2 December 2022

Kubernetes using external bucket

Problem

I wanted to help our CI team & was looking for a way how to mount google bucket to existing k8s cluster.

Don’t trust documentation:

There is a official documentation mention - especially code snipped:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-resource-backend
spec:
  defaultBackend:
    resource:
      apiGroup: k8s.example.com
      kind: StorageBucket
      name: static-assets
  rules:
    - http:
        paths:
          - path: /icons
            pathType: ImplementationSpecific
            backend:
              resource:
                apiGroup: k8s.example.com
                kind: StorageBucket
                name: icon-assets

This is the only mention of StorageBucket in the web. Someone wrote it, but haven’t notified developers, tech writers and other people. You cannot find that in API.

Solution for a problem:

So trying different annotations (and thanks for stackoverflow for initial vector), going through different options I had figured out:

Service Part (only one should exist per bucket):

kind: Service
apiVersion: v1
metadata:
  name: google-storage-buckets
spec:
  type: ExternalName
  externalName: storage.googleapis.com
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443

Ingress Part:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: css-resources
  namespace: 
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/upstream-vhost: "storage.googleapis.com"
    nginx.ingress.kubernetes.io/rewrite-target: <google-cloud-bucket>/<path-to-resource-folder>/$2
spec:
   ingressClassName: nginx
   tls:
    - hosts:
      - <your virtual host you are routing from>
   rules:
   - host: - <your virtual host you are routing from>
     http:
      paths:
      - path: <path in your virtual host>
        pathType: Prefix
        backend:
          service:
            name: google-storage-buckets
            port: 
              number: 443

Bonus - for testing:

I found it hard to test at first, so adding extra annotation allowed me to track if bucket is used through cookie:

...
metadata:
  ...
  annotations:
    ...
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "<cookie name>:<cookie value>";
      more_set_headers "gcp-bucket-test-path: /my-bucket";

Useful links:

tags: k8s - gcp - bucket